- Cloud application credentials are the target for more than one-third of phishing campaigns, according to Netskope's Cloud and Threat report released Wednesday. The research was collected from annonymized usage data from the Netskope Security Cloud platform between January 2020 and Dec. 31, 2020. Netskope data drew on insights from "millions of users," the company said.
- At the end of 2020, 61% of malware was delivered via cloud-based apps, compared to 48% in Q1 2020, according to the report. Microsoft OneDrive, Amazon S3, Microsoft Sharepoint, Box and GitHub were among the most popular apps used to deliver malware.
- In 2020, 13% of phishing pages were found in cloud services, according to Netskope. Hackers are successful in cloud-based phishing and malware attacks because they pursue "trusted domains, valid certificates, and the practice of allow-listing popular apps to bypass inline defenses only reduces friction for attack success," according to the report.
Phishing and malware pushed companies to focus on protecting endpoints and assessing cloud storage security, especially in a remote work environment.
Hackers targeting cloud app credentials hide in plain sight because they can avoid phishing-detection solutions. Using familiar-looking domains or websites accompanied by HTTPS certificates are the perfect place for phishing attacks to hide, according to Check Point. Hackers latch onto public cloud services, such as Google Cloud or Microsoft Azure, for hosting the phishing pages.
"The attackers can overcome this obstacle and disguise their malicious intent, improving their chances of ensnaring even security-savvy victims," said Check Point.
The remote workforce set up a perfect storm for hackers with unfettered access to the cloud. The use of cloud-based applications increased 20% year over year in 2020, according to the report. Organizations with between 500 and 2,000 employees use 664 "distinct cloud apps" monthly.
Before the pandemic sent employees home, for companies that are cloud-first or cloud-only, there was no local infrastructure tying them to an office, said Barak Engel, founder and chief geek at EAmmune, while speaking on a virtual SANS Institute fireside chat in January.
Organizations unaccustomed to that cloud-only model, where they still manage a local IT infrastructure, likely feel "there's an increased attack surface because you're not used to that," said Engel. "I'm just not sure how much of it is an actual increase in the attack surface" versus what is perceived as an increase in attack surface. "One may not match the other," he said.
The high volume of cloud apps doesn't directly correlate with weakened security. It's the quality of the apps that matter. Nearly half of the apps used in enterprises were ranked as having a poor Cloud Confidence Index (CCI), according to Netskope.
The company uses the CCI audit to compare cloud services against their peers in security. Of those low-graded apps found in the enterprise, the top apps employees upload data to include Yahoo Mail, ILovePDF and PDF to PNG.